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What is claimed is; 

1. A distributed subscriber management method for a user network for performing user 
authentication for an external network at an access control node, the external network being 
connected to the access control node by means of an aqcess network; comprising: 

5 (a) receiving, at an access control node operatively connected to a plurality of user 

networks, a data unit from a user located on one of the plurality of user networks; 

(b) determining that the data unit requires authentication; 

(c) authenticating the determined data unit; ; and 

(d) determining that the authenticated data unit is eligible for transmission. 
10 ! 

2. The distributed subscriber management method as claimed in claim 1, wherein 
authenticating includes interrogating the user for access information. 

t 

3. The distributed subscriber management method as claimed in claim 2, wherein 
15 authenticating includes transmitting the access information to an authentication server of an 

external network. 

4. The distributed subscriber management method as claimed in claim 3, wherein 
authenticating includes transmitting an authentication message from the authentication server to 

20 the access control node to permit the user to access the'extemal network. 

5. The distributed subscriber management method as claimed in claim 4, further including 
encrypting the access information at the access control node prior to transmitting the access 
information; and decrypting the access information at the authentication server. 

25 \ 

I 

6. The distributed subscriber management method as claimed in claim 3, wherein the 

authentication server of the external network employs remote authentication dial-in user service 

i 

protocol j 
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7. The distributed subscriber management method as claimed in cjaim 3, wherein the 

i 

authentication server of the external network employs password authentication protocol. 

I 

5 8. The distributed subscriber management method as claimed in claim 3, wherein the 
authentication server of the external network employs challenge handshake authentication 
protocol. | 

| 

9. The distributed subscriber management methhd as claimed in claim 3, wherein the 
10 authentication server of the external network employs [terminal access controller access control 

! 

system, ! 

i 

i 

10. The distributed subscriber management method as claimed in claim 1, farther including 
packet-labelling the data unit. j 

15 ; 

1 1 . The distributed subscriber management method as claimed in claim 4, farther including 
determining the contents of the authentication message] at the access control node. 

t 

12. The distributed subscriber management method as claimed in claim 11, further 
20 including dropping the data unit if the contents, indicate rejection. 

i 
i 

I 

13. The distributed subscriber management method as claimed in claim 11, further 
including examining the authentication message for authenticity. 

1 

f 

25 14. The distributed subscriber management method as claimed in claim 1, farther including 
collecting statistical usage information at the access no&e. 
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15. An integrated access device, for placement between a user network and an external 
network, the external network having an access rights authentication server, comprising: 

a user network interface for operatively connecting to a plurality of user networks to 
receive data units from the plurality of user networks; : 
5 an authentication agent, operatively connected to the user network interface for 

authenticating, authorising and forwarding data units received from the plurality of user 

I 

networks; 

an external network interface, operatively connected to the authentication agent, for 
forwarding data units authorised by the authentication agent to an external network. 

io ; 

16. An integrated access device as claimed in claim 15, wherein the user network interface 

includes a plurality of ingress cards and the external network interface includes an egress card. 

i 
i 

17. An integrated access device as claimed in claim 15, wherein the authentication agent 

1 5 includes a local authorisation table for authorising data; units. 

i 

18. An integrated access device as claimed in claim 15, wherein the authentication agent 

includes network address assignment and release means. 

j 

20 19. An integrated access device as claimed in claim 15, farther including service level 
enforcing means. I 

i 

19. An integrated access device as claimed in claim 15, further including network resource 
management means. ! 

25 ; 

i 

20. An integrated access device as claimed in claim 19, further including means for 
statistical usage collection means. I 



i 

l 

I 
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21. An integrated access device as claimed in claim 20, farther including alarm monitoring 
means. 

21. An integrated access device as claimed in claim 15, wherein the authorization client 
5 includes a password authentication protocol client. 

22. An integrated access device as claimed in claim 15, wherein the authorization client 
includes a challenge handshake authentication protocol client. 

10 23. An integrated access device as claimed in claim 15, wherein the authorization client 
includes a terminal access controller access coribrol system client. 

24. An integrated access device as claimed in claim 15, wherein the authorization client 
includes a remote authentication dial-in user service protocol client. 
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